[thelist] Web Database Security (was: how did they hack...)

Raymond Camden jedimaster at macromedia.com
Thu Apr 19 12:42:37 CDT 2001


I believe the point wasn't to strip out bad sql, ie, drop table, but to
escape the single quote, so the bad SQL doesn't matter anymore. That's what
I got, anyway. :)

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email   : jedimaster at macromedia.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Simon Coggins
> Sent: Thursday, April 19, 2001 12:30 PM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] Web Database Security (was: how did they hack...)
>
>
>
> > Have you looked at server-side regular expressions? I'm not familiar with
> > PHP, but this might help (it's for ASP):
> > http://dynamic.15seconds.com/Issue/page.asp?Page_Id=306
>
> I thought about using RegExps to check for certain strings but I had a
> couple of problems with the idea:
>
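To illustrate Raymond's point, here is an added Python/sqlite3 demo (not code from the thread) comparing naive concatenation, quote escaping, and a bound parameter on the same constructed `users` table; the table rows and the two test inputs are made up for the example.

```python
import sqlite3

# Constructed sample data for this demo (not from the original thread).
ROWS = [("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("o'brien", "obrien@example.test")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def escape_quote(value):
    """Double each single quote so the value can never close the SQL string literal."""
    return value.replace("'", "''")

def query_concat(conn, name):
    """Naive concatenation: whatever the user typed becomes part of the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in conn.execute(sql))

def query_escaped(conn, name):
    """Same concatenation, but the quote is escaped first, as the thread suggests."""
    sql = "SELECT email FROM users WHERE name = '" + escape_quote(name) + "'"
    return sorted(r[0] for r in conn.execute(sql))

def query_param(conn, name):
    """Bound parameter: the driver keeps SQL text and data separate."""
    cur = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(r[0] for r in cur)

def compare(name):
    """Run all three styles on one input; a SQL syntax error is reported as 'error'."""
    conn = make_db()
    out = {}
    for label, fn in (("concat", query_concat),
                      ("escaped", query_escaped),
                      ("param", query_param)):
        try:
            out[label] = fn(conn, name)
        except sqlite3.Error:
            out[label] = "error"
    return out

if __name__ == "__main__":
    print(compare("o'brien"))        # legitimate name that happens to contain a quote
    print(compare("x' OR 'a'='a"))   # input that uses the quote to leave the literal
```

The legitimate name breaks the naive query outright, while the tampered input makes it return every row; escaping the quote (or binding a parameter) keeps both inputs inside the literal, so no keyword blacklist is needed.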